Android project is MIA, but VMware still pimping smartphone virtualization.

SAN FRANCISCO, CALIFORNIA—Back in 2010, VMware unveiled one of its most ambitious projects for joining the worlds of consumer and business technology: virtualization for smartphones.

Unfortunately, it never came to be. By 2011, VMware said, there would be hardware partners selling virtualized smartphones, using a hypervisor to run a guest operating system that isolates work applications and data from personal ones. As release dates got pushed into the future and became less specific, it took on the feel of a classic vaporware project.

But VMware is not giving up. On Tuesday at the annual VMworld conference, VMware said the Android project—called Horizon Mobile—is still alive, and moreover that it will be adapted to the iPhone.

“It’s alive and well. We have some great announcements coming up relatively soon,” CTO Steve Herrod said on the keynote stage, right before lodging a dig at VMware rival Microsoft. “When I talk to customers, they say, 'That’s a great solution for Android, but I have another phone I want you to work with.' Do you know what that is?… Windows Phone, exactly.”

But, of course, it’s the iPhone that VMware is targeting. Horizon Mobile for iPhones and iPads—assuming it ever becomes available, no release date was announced—will let IT shops deploy work applications to iPhone users within a protected container. Users would have to type a password to get into their work apps, and data leakage could be prevented by restricting document access to work apps. Users could also be prevented from copying and pasting text from a work app to a personal app.

Not quite virtualization

The technology is actually more basic than Horizon Mobile for Android. VMware’s Android virtualization uses an actual hypervisor to create a guest operating system—a second instance of Android—in which work applications are run.

Horizon Mobile for iOS won’t use virtualization. It will take advantage of existing Apple programs to deploy business-related apps outside the general App Store. One possible mode of deployment is the iOS Developer Enterprise Program. Similar technologies are already on the market from companies that help businesses build private app stores. But VMware claims its iOS technology will be more secure and have the advantage of integrating with other useful VMware tools for delivering apps to a range of devices, including desktops.

Horizon Mobile for iOS seems like the kind of technology VMware could have deployed a year ago. Instead, the company decided to pursue Android first because of its market share, and the open nature of the platform allowed the building of a real hypervisor. This turned problematic because the approach required reliance on carriers and hardware vendors to pre-install the software. VMware has been promising actual shipping Android phones with Horizon Mobile for quite some time now, and continued making promises this week, saying announcements involving Verizon phones are coming “soon.”

Horizon Mobile for iOS is being tested internally at VMware, and is scheduled for a beta program in the fourth quarter. We assume VMware hopes to get Horizon Mobile on iPhones and iPads in 2013. It should be a simpler matter than bringing an integrated hypervisor to carrier-specific Android devices, but the project seems to have gotten off to a late start and won’t be available until after the Android version.

“VMware has yet to announce availability for Horizon Mobile on the market,” a company spokesperson told us. “However, the Android version is further along in development and will likely be available prior to the iOS version.” In case you’re wondering, Horizon for iPhone would be different from the existing VMware View for iPhone, which allows remote access to server-hosted desktops and applications instead of containerized versions of local applications.

In a Horizon Mobile for iPhone demo shown today, a user had a folder devoted to work-related applications, such as Salesforce, an intranet, and mail. There was also an app store hosted by the user’s employer. This is important not only for work-specific applications that may not be available on the Apple App Store, but also because the security restrictions VMware wants to place upon work apps can’t be applied to apps from the public App Store, VMware mobile executive Srinivas Krishnamurti told Ars.

Give the customers what they want. But which customers?

End-users may not be thrilled by the prospect. It’s hard to imagine them demanding more restrictions on devices they bought themselves. But VMware is betting IT shops will want to deploy the technology to prevent data leakage, and hoping they can make it as unobtrusive as possible.

Horizon Mobile is part of a larger strategy of delivering business apps to end-users across multiple devices, from desktops to phones. Although VMware has long dominated server virtualization, it has lagged behind rival Citrix in end-user computing. VMware is trying to change that, in part with its recent acquisition of desktop virtualization vendor Wanova, maker of the Mirage technology.

Today, a VMware demo showed how Mirage and VMware’s pre-existing View technology can be used together to allow a user constant access to a Windows desktop from any device. VMware End User Computing VP Vittorio Viarengo served as the guinea pig in the demo. First, his laptop was upgraded from Windows XP to Windows 7 with a background installation of the Windows 7 OS image, followed by a reboot. All data, applications, and personal settings made the journey from XP to 7.

Viarengo then accessed his entire Windows 7 desktop from an Android tablet and a MacBook, after a stage pratfall ended with the original Windows laptop being broken in half. Mirage, VMware noted, keeps a virtual copy of all a user’s content stored in a customer’s data center.

View and Mirage today are separate products, but server-hosted desktop images can be moved between the two to perform different functions. VMware said it will work on integrating the two products more fully later on, at an unspecified date. One likely point of integration is allowing the two products to use the same OS image. “We have no intention of keeping these things as isolated products,” VMware Desktop Product Manager Phil Montgomery told Ars.

In the meantime, View lets customers “easily migrate operating systems and push your desktop on to mobile devices such as tablets,” a VMware spokesperson said via e-mail. “With Mirage, you have central image management with local execution for disconnected devices. Together, they create a complete solution to help transform legacy desktops into a service.”

VMware is further tying its end-user computing products together in what it’s calling the Horizon Suite. This is aimed at giving IT shops a central place to manage and deploy end-user applications to various devices, bringing Windows, Android, iOS, and Web-based applications into the same management console. The suite will include a Dropbox-style cloud storage tool formerly known as Project Octopus and now called Horizon Data. The suite will also eventually support applications deployed through competitive desktop virtualization services such as Citrix XenApp and Microsoft’s Remote Desktop Services.

But the Horizon Suite is on the same timeline as Horizon Mobile for iPhones, as it’s in the alpha stage now with a beta promised for Q4 2012. A general availability date has not been revealed. While VMware has certainly put its stamp on the data center, as we noted yesterday, it hasn’t quite achieved its vision of revolutionizing the way normal people work.

Promoted Comments

Horizon Mobile for iPhones and iPads—assuming it ever becomes available, no release date was announced—will let IT shops deploy work applications to iPhone users within a protected container. Users would have to type a password to get into their work apps, and data leakage could be prevented by restricting document access to work apps. Users could also be prevented from copying and pasting text from a work app to a personal app.

An enterprise deployment license from Apple is only $250 per year. If all Horizon Mobile customers pay for that, then it seems perfectly feasible for VMware to implement these features.

Once a phone is linked to an enterprise account, the IT department can completely bypass the App Store review process and install arbitrary code. The only restriction is you can only install enterprise apps on devices owned by an employee of the enterprise.

VMware just creates an SDK to let you store data in an encrypted container (perhaps with Dropbox-style cloud mirroring), and an API for writing/reading encrypted data to the clipboard. Non-Horizon Mobile apps would not have the necessary keys to decrypt the text you copied, and therefore would not even offer you a "paste" option in the menu.

Apple has created a comprehensive protocol allowing enterprises to, essentially, run their own app store and manage which employees are able to have which app installed (or even force employees to have a specific app) and provide software updates for those apps. The only part Apple doesn't provide is a server implementation... VMware is perfectly positioned to provide enterprise iOS management.
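
A minimal model of the sealed-clipboard idea in the comment above, added here as an illustration; it is not VMware's implementation or the commenter's code. AES-256-GCM and the names `NewContainer`, `Seal` and `Open` are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewContainer builds an AES-256-GCM AEAD around a fresh random key. It stands
// in for the key a managed-app SDK would hold (provisioning is out of scope).
func NewContainer() cipher.AEAD {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Seal runs on "copy" in a managed app: returns nonce || ciphertext || tag.
func Seal(c cipher.AEAD, text string) []byte {
	nonce := make([]byte, c.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return c.Seal(nonce, nonce, []byte(text), nil)
}

// Open runs on "paste"; it fails for a wrong key or a modified item.
func Open(c cipher.AEAD, item []byte) (string, error) {
	n := c.NonceSize()
	if len(item) < n {
		return "", fmt.Errorf("not a sealed clipboard item (%d bytes)", len(item))
	}
	pt, err := c.Open(nil, item[:n], item[n:], nil)
	return string(pt), err
}

func main() {
	work, personal := NewContainer(), NewContainer()
	item := Seal(work, "Q3 forecast (constructed sample)")
	_, err := Open(personal, item)
	fmt.Println("unmanaged app can paste:", err == nil)
}
```

An app without the key still sees that the clipboard holds opaque bytes; what it lacks is the ability to read or undetectably alter them.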

13 Reader Comments

1. There is 1 GB of RAM on an iPhone 4 or 4S. There is no room for a hypervisor in real memory plus two user sessions.
2. There is nowhere near enough CPU power in today's ARM chips to run a VM and multiple users.
3. Battery life goes to hell since the VM is always running.

There's a much longer list to write but it only takes three good nails to close a coffin.

The reason they went with Android was licensing. They have been able to virtualize iOS for about as long as they could virtualize OS X. They just can't sell such a product because Apple's being ... I don't know what they're being, but helpful to end users is not it. You are not able to run OS X on non-Apple hardware, and they are apparently more restrictive on iDevices. It's a shame, because it would sell like hotcakes and even if they just got $1/device from VM, they'd rake in millions.

I know why people don't, but if businesses are serious about data security, they should require users to use a separate device for business, tough I know, but these mobile phones (Android especially!) really aren't designed for multiple users (even though it's the same person). I know AOSP is working on multiple users, really I think that if this type of security comes to pass, it will work best at OS level.

1. There is 1 GB of RAM on an iPhone 4 or 4S. There is no room for a hypervisor in real memory plus two user sessions.
2. There is nowhere near enough CPU power in today's ARM chips to run a VM and multiple users.
3. Battery life goes to hell since the VM is always running.

There's a much longer list to write but it only takes three good nails to close a coffin.

It's actually 512MB, not 1GB. And if you read the article, it says that the iOS version doesn't use actual VMs, only the Android version. Snapdragon or quad core CPUs in Samsung S3 or HTC One X can easily handle a VM, provided that it's optimized enough.

1. There is 1 GB of RAM on an iPhone 4 or 4S. There is no room for a hypervisor in real memory plus two user sessions.
2. There is nowhere near enough CPU power in today's ARM chips to run a VM and multiple users.
3. Battery life goes to hell since the VM is always running.

There's a much longer list to write but it only takes three good nails to close a coffin.

The reason they went with Android was licensing. They have been able to virtualize iOS for about as long as they could virtualize OS X. They just can't sell such a product because Apple's being ... I don't know what they're being, but helpful to end users is not it. You are not able to run OS X on non-Apple hardware, and they are apparently more restrictive on iDevices. It's a shame, because it would sell like hotcakes and even if they just got $1/device from VM, they'd rake in millions.

Millions? You realize Apple makes billions of dollars a year, right? I don't think your business case is going to convince them to license iOS.

It's free money. Every penny would be profit. What is the downside that is stopping them?

Vertical integration is what's stopping them. And I would also argue that Apple doesn't view virtualisation as the correct solution to the primary problem of multiple users/profiles.

And I believe Google tends to agree here, since Jelly Bean built an experimental implementation in. I don't know how well it works, but I think both Apple and Google are contemplating the correct solution.

That's not it at all. With MVP, you can be logged in as both users. If user1's phone rings, you pick up. If user2's phone rings, you suspend the first call and pick up the second. At the same time. Same thing with apps, run two apps at once. Two SMS endpoints, etc.

Yes, thank you. I understand what virtualization provides. The primary difference between virtualization and a mobile multi-user system lies within provisioning (solved, as per abhi_beckhart's post) and a "physical" separation between sets of resources.

In this regard, there certainly is a merit to MVP in general, in that they can offer an abstraction of telephony hardware as part of that separation of resources. For telephony, I can't imagine either Google or Apple viewing it as anything but a short-term end-run workaround for inconsistent carrier policies. Google has already abstracted portions of telephony via Google Voice -- why couldn't they then deeply integrate it with Android and then build atop it to provide the things you mentioned? I know Google Voice is a glorified call forwarding service, but as long as you can respond via that front-facing number -- and you can -- what's the functional difference?

And as for the rest of the things that denote resources ((sub)-sets of applications, configurations, and differing access levels) -- I don't think most use cases require a "physical" separation be made here. Multi-user systems are deployed all over the place in a plethora of varying security contexts.

The point is that there are lighter-weight -- and I would argue more appropriate for the mobile space -- solutions that don't require the overhead of a virtualization platform. They accommodate 80% of the problem, at least, with the rest being left to security and perhaps deployment edge-cases that MVP can address. But I feel that it's something that neither merits nor will receive widespread adoption.

And, remember, this is in context to your question as to why Apple doesn't license iOS for virtualization. It's not really a critique on MVP in general.